Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款OpenStack产品安全漏洞
Vulnerability Description
OpenStack Identity(Keystone)是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个用于身份验证的项目,提供身份、令牌、目录和策略服务。OpenStack keystonemiddleware(前称python-keystoneclient)是其中的一个用于处理身份验证的中间件。 多款OpenStack产品的identity服务中存在安全漏洞,该漏洞源于程序使用PKI或PKIZ令
CVSS Information
N/A
Vulnerability Type
N/A